Apple on Monday released updates to iOS[1], macOS[2], tvOS[3], and watchOS[4] with security patches
for multiple vulnerabilities, including a remote jailbreak exploit
chain as well as a number of critical issues in the Kernel and
Safari web browser that were first demonstrated at the Tianfu Cup
held in China two months ago.
Tracked as CVE-2021-30955, the issue could have enabled a
malicious application to execute arbitrary code with kernel
privileges. Apple said it addressed the issue with “improved state
handling.” The flaw also impacts macOS devices.
“The kernel bug CVE-2021-30955 is the one we tried [to] use to
build our remote jailbreak chain but failed to complete on time,”
Kunlun Lab’s chief executive, @mj0011sec, said[5]
in a tweet. A set of kernel vulnerabilities were eventually
harnessed by the Pangu Team at the Tianfu hacking contest[6]
to break into an iPhone 13 Pro running iOS 15, a feat that netted
the white hat hackers $330,000 in cash rewards.
Besides CVE-2021-30955, a total of five Kernel and four IOMobileFrameBuffer[7]
(a kernel extension for managing the screen framebuffer[8]) flaws have been
remediated with the latest updates —
- CVE-2021-30927 and CVE-2021-30980: A use-after-free issue that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30937: A memory corruption vulnerability that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30949: A memory corruption issue that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30993: A buffer overflow issue that could allow an attacker in a privileged network position to execute arbitrary code.
- CVE-2021-30983: A buffer overflow issue that could allow an application to run arbitrary code with kernel privileges.
- CVE-2021-30985: An out-of-bounds write issue that could allow a rogue application to run arbitrary code with kernel privileges.
- CVE-2021-30991: An out-of-bounds read issue that could allow a malicious application to run arbitrary code with kernel privileges.
- CVE-2021-30996: A race condition[9] that could allow a rogue application to run arbitrary code with kernel privileges.
On the macOS front, the Cupertino-based company patched an issue
with the Wi-Fi module (CVE-2021-30938) that a local user on the
system could exploit to cause unexpected system termination and
even read kernel memory. The tech giant credited Xinru Chi of Pangu
Lab with reporting the flaw.
Also fixed are seven security flaws in the WebKit component —
CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952,
CVE-2021-30953, CVE-2021-30954, and CVE-2021-30984 — in which
processing specially crafted web content could lead to arbitrary
code execution.
Additionally, Apple resolved a couple of issues affecting
Notes and Password Manager in iOS that could enable a person with
physical access to an iOS device to access contacts from the lock
screen and retrieve stored passwords without any authentication.
Last but not least, a bug in FaceTime has been squashed, which
otherwise may have leaked sensitive user information through Live
Photos metadata.
References
- [1] iOS (support.apple.com)
- [2] macOS (support.apple.com)
- [3] tvOS (support.apple.com)
- [4] watchOS (support.apple.com)
- [5] said (twitter.com)
- [6] Tianfu hacking contest (thehackernews.com)
- [7] IOMobileFrameBuffer (iphonedev.wiki)
- [8] framebuffer (en.wikipedia.org)
- [9] race condition (en.wikipedia.org)
Read more https://thehackernews.com/2021/12/latest-apple-ios-update-patches-remote.html